On Sat, Aug 29, 2020 at 09:38:53PM -0400, Eli Schwartz wrote:
> On 8/29/20 1:47 PM, Patrick Steinhardt wrote:
> > This is usually done automatically by GRUB when starting. But as it'll
> > not know to first decrypt the volume, it fails executing both of those
> > commands just to show you the rescue prompt afterwards. So they are left
> > to you now after manually decrypting. I could've added a note up-front
> > to spare you the hours-long research, but it got so natural to me that I
> > completely forgot.
> >
> > You should be able to manually create a bootable image with GRUB with
> > `grub-mkimage`. The upside of this is that you can add your own early
> > configuration to automatically decrypt and do the `normal` dance. I
> > didn't care enough to do that myself yet, though, so I can't provide a
> > working invocation of that.
>
> Is grub-install failing to add the relevant cryptomount invocation in
> the embedded stub, due to not realizing luks2 can be decrypted like that?

Yup. As I said in a previous mail, work to enable this is currently
still under review. We first landed LUKS2 decryption support on its own,
with tooling improvements and Argon2 support being the next step.

> I wonder if you could hack this to work by relying on autodetection with
> grub-install --modules="..." to force luks2 modules to be included, but
> with a luks1 "/" root partition. Then *after*, convert the partition
> from luks1 to luks2. The grubx64.efi image should both support luks2 due
> to manually added modules, AND automatically Do The Right Thing with the
> generic cryptomount command.

That does sound like quite a hack :) Even if it worked, it'd work only a
single time as you cannot re-convert the partition again. My take is
it'd probably be easier to just use grub-mkimage(1) instead with a
custom config, at least if there is a place where it's properly
documented.

In the end, all these are just stop-gap measures anyway until support
for auto-detection lands.

Patrick

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
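
An added example, not part of either author's mail and not GRUB project code: a shell script that generates the early configuration for the grub-mkimage approach discussed in the thread and prints a matching invocation. The module list, the x86_64-efi target, the /boot/grub prefix, the file names and the sample UUID are assumptions for an ext4 root on a LUKS2 volume whose keyslot uses PBKDF2 (Argon2 support had not landed at the time of the thread).

```shell
#!/bin/sh
# Added example. Assumptions: LUKS2 volume with a PBKDF2 keyslot, ext4 inside,
# /boot/grub on the encrypted filesystem, x86_64 EFI target.
MODULES="part_gpt cryptodisk luks2 pbkdf2 gcry_rijndael gcry_sha256 ext2"

# Normalise a LUKS UUID to dash-less lower-case hex. Anything that is not
# exactly 32 hex digits is rejected, so no stray text can end up in a
# config that gets embedded in the boot image.
normalize_uuid() {
    u=$(printf '%s' "$1" | tr -d '-' | tr 'A-F' 'a-f')
    case "$u" in
        *[!0-9a-f]*|'') return 1 ;;
    esac
    [ "${#u}" -eq 32 ] || return 1
    printf '%s\n' "$u"
}

# Emit the early config: unlock the volume, point root and prefix at the
# unlocked disk, then load and start normal mode (the two steps GRUB cannot
# complete on its own while the volume is still locked).
make_early_cfg() {
    uuid=$(normalize_uuid "$1") || { echo "invalid UUID: $1" >&2; return 1; }
    grubdir=${2:-/boot/grub}
    cat <<EOF
cryptomount -u $uuid
set root=crypto0
set prefix=(\$root)$grubdir
insmod normal
normal
EOF
}

# Print (do not run) the grub-mkimage command that embeds the config.
# Arguments: prefix directory, early config file, output image.
mkimage_cmd() {
    printf 'grub-mkimage -O x86_64-efi -p %s -c %s -o %s %s\n' \
        "$1" "$2" "$3" "$MODULES"
}

# Constructed sample UUID; take the real one from `cryptsetup luksUUID <device>`.
SAMPLE_UUID="8E2F1C3A-4B5D-4E6F-9A0B-1C2D3E4F5A6B"
make_early_cfg "$SAMPLE_UUID"
mkimage_cmd /boot/grub early.cfg grubx64.efi
```

Redirect the first command's output to `early.cfg` before running the printed grub-mkimage command, and keep the previous EFI image until the new one has booted successfully.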